How do I exclude a file or directory in my repository from scanning?

Learn how to use .scanignore to exclude specific code from being scanned.

There will always be certain parts of a codebase that do not need to be analyzed. This may be because they add little to no value to the quality of the codebase, or because your developers do not maintain them, so scanning them may produce inaccurate results.

Below are some recommendations for sections that users may want to exclude:

Unit tests

Generated code

Third-party code you don’t maintain

Code not related to your application

Through a .scanignore file, you can seamlessly exclude specific code from being scanned.

Step-by-Step Guide

1. To get started, simply create a file named .scanignore in the root of your repository.

Here is an example repository:

2. Then, list the patterns you would like to exclude in the .scanignore file.

The Code Scanner recognizes patterns. Find out more about patterns at the bottom of this page!

For example, if you want to exclude all source files inside the folders ‘generated/’ and ‘deploy/scripts/’, your .scanignore would look like this:

3. Lastly, save the file.

If you have it locally, push your changes to GitHub so that those specified directories will be excluded the next time your repository gets scanned.

Additional Tips

You may include comments in your .scanignore file - just start a line with `#`.

You may put your .scanignore files in different directories (max. 2) and they will be processed by the Code Scanner.
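
To review what a .scanignore removes from scan coverage before you push it, the following added example (not part of the original guide or of the Code Scanner) parses a constructed .scanignore that uses the two folders from step 2 plus `#` comments, then splits a constructed file list into scanned and excluded paths. The matching rule used here (a trailing `/` excludes everything under that directory from the repository root, anything else is treated as a glob) is an assumption; the Code Scanner's own pattern rules take precedence.

```python
from fnmatch import fnmatch

# Constructed sample .scanignore using the two folders from the example above.
SAMPLE_SCANIGNORE = """\
# generated by the build, not maintained by hand
generated/

# deployment helpers
deploy/scripts/
"""

# Constructed repository file listing (paths relative to the repository root).
SAMPLE_FILES = [
    "src/app.py",
    "src/auth/login.py",
    "generated/api_client.py",
    "deploy/scripts/release.sh",
    "deploy/config.yaml",
]


def parse_scanignore(text):
    """Return the patterns in a .scanignore, skipping blank lines and # comments."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            patterns.append(line)
    return patterns


def is_excluded(path, patterns):
    """Assumed rule: 'dir/' excludes everything under dir; other patterns are globs."""
    for pattern in patterns:
        if pattern.endswith("/"):
            if path.startswith(pattern):
                return True
        elif fnmatch(path, pattern):
            return True
    return False


def coverage_report(files, patterns):
    """Split files into (scanned, excluded) so exclusions can be reviewed."""
    excluded = [f for f in files if is_excluded(f, patterns)]
    scanned = [f for f in files if f not in excluded]
    return scanned, excluded


if __name__ == "__main__":
    scanned, excluded = coverage_report(SAMPLE_FILES, parse_scanignore(SAMPLE_SCANIGNORE))
    print("excluded from scanning:", excluded)
    print("still scanned:", scanned)
```

Running a report like this in code review makes it visible when a pattern excludes application code that should stay in scope, such as `deploy/config.yaml` remaining scanned while `deploy/scripts/` is excluded.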